News and general opinion, often privacy, security or computer related, but could be about anything really, including religion, politics, the environment, business or audio books. "Never ascribe to malice, that which can be explained by incompetence." -- Napoleon Bonaparte

Sunday, June 25, 2006

This month's regularly scheduled security patch release was the worst Microsoft has seen in over a year, with the software giant shipping fixes for 12 security flaws, eight of them rated as critical, the most serious rating. Nine of the fixes are for various Windows versions, while two are for Microsoft Office and one is for Microsoft Exchange Server.As always, Windows users are advised to run Automatic Updates to download the updates, or visit Windows Update or Microsoft Update at the Microsoft Web site. Because hackers are exploiting at least one of the flaws patched this week, Microsoft recommends that its customers update their machines as quickly as possible.In related news, Microsoft revealed this week via its Security Response Center blog that it won't be fixing one of the critical security flaws for Windows Me, Windows 98, and Win98SE. "After extensive investigation, we've found that it's not feasible to make the extensive changes necessary to Windows Explorer on these older versions of Windows to eliminate the vulnerability," the blog reads. "This is because during the development of Windows 2000, we made significant enhancements to the underlying architecture of Windows Explorer. The Windows Explorer architecture on these older versions of Windows is much less robust than the more recent Windows architectures.""Due to these fundamental differences, these changes would require reengineering a significant amount of a critical core component of the operating system. After such a reengineering effort, there would be no assurance that applications designed to run on these platforms would continue to operate on the updated system."Microsoft recommends that users still running these older OSs follow its workaround instructions to avoid being hacked, but it also notes that it'll cease supporting these systems next month.